How to encrypt an external hard drive in Lion

FileVault 2 not only encrypts your Mac’s internal drive, but it can also encrypt external drives connected via USB and FireWire (and we suspect you’ll be able to encrypt external drives connected via Thunderbolt, but Apple’s documentation doesn’t specify this). However, external drives must be formatted using HFS+. If you have an external drive you want to use with both Windows and a Mac, you have to use the FAT file format, and you can’t encrypt it.

To encrypt your external drive, you need to use Disk Utility (/Applications/Utilities) to reformat it. You can’t encrypt a drive that has data on it—that’s a major drawback if you have an existing hard drive with a ton of data and you want it encrypted. If you want to keep the data, you need to back it up and then copy it back to the drive after the reformatting.

One major caveat: During our testing, encrypted external hard drives could only be used on other Macs running Lion, and not with older versions of OS X. When we connected a drive encrypted using Lion’s Disk Utility to a MacBook Pro running Snow Leopard, a message appeared, stating that the drive required OS X 10.7.

Interested in encrypting your external hard drive? We’ll take you through the steps here.

Step 1: Disk Utility

To encrypt an external drive, connect it to your Mac, wait until it mounts on your desktop after you turn it on, and launch Disk Utility. You’ll see a left column that lists the storage devices on your Mac. The first device is your internal drive. Your external drives should follow. Select the drive you want to encrypt. Then click on the Erase tab in the section to the right.

In the Format pop-up menu, you’ll see two new disk formats available to you, in addition to the standard Mac OS Extended (Journaled), Mac OS Extended (Case-sensitive, Journaled), MS-DOS (FAT), and ExFAT. The two new formats are Mac OS Extended (Journaled, Encrypted), and Mac OS Extended (Case-sensitive, Journaled, Encrypted).

In most cases, you should pick Mac OS Extended (Journaled, Encrypted). The other encrypted Mac format lets you give files the same names but with different letter case treatment. (For example, both files named 2011taxes.numbers and 2011Taxes.numbers can exist in the same folder.) You also need to provide a name. Click Erase.

Step 2: Set a password

A window will appear, confirming that you want to create an encrypted volume. If so, you need to enter a password. You need to enter this password any time you mount the drive, so be sure to memorize it.

Once you enter and confirm the password, click Erase. This will start the formatting process, which will take several minutes. If you don’t want to encrypt the drive, click Cancel.

Step 3: Enter password

Once the drive is formatted, you’ll need to enter a password to access it. Your files will be automatically encrypted and decrypted. If you dismount the drive, you’ll need to enter the password when you try to mount it again on your desktop. If you enter the wrong password or don’t enter one, you can’t access the data.

At the password-entry window, you have the option to save your password in your keychain. This will allow your drive to mount without needing your password for that particular Mac that’s storing your keychain. If you try to attach the encrypted drive to, say, your friend’s Mac, which doesn’t have your keychain information, you’ll need to enter a password to access the drive.